1. Field of the Invention
This disclosure relates generally to the field of secure communications, and in particular to the issuance and management of biometric certificates in a hierarchy of biometric security systems.
2. Description of Related Art
Electronic transactions may involve diverse types of activities, such as the exchange of information, the permitted entry and access of a person to a facility, and the output of goods or cash to a person. Despite the common need for security, different activities may have different levels of security, and so different activities may utilize different security techniques.
Existing certifying techniques, such as personal certificates employing, for example, passwords and personal information numbers (PINs), have not provided sufficient security since PINs and passwords are often easily guessed, hard to remember, and/or subject to exhaustive or brute-force automated searches.
Digital certificates have emerged as a leading candidate for authenticating electronic transactions. Ideally, digital certificates, such as those defined by the X.509 and ANSI X.9 standards, allow users, buyers, and/or sellers to authenticate electronic documents and transactions in a manner analogous to the authentication of documents by a Notary Public. The combination of public key cryptography and the use of digital certificates provides integrity, privacy and a degree of authentication for on-line transactions to instill a new level of confidence in the electronic services consumer.
While digital certificates improve electronic authentication, they fall short of actually authenticating the persons involved, as digital certificates by themselves only authenticate the private cryptographic key used in the transaction or signature. Since these private keys are physically stored on computers or other electronic storage devices, such private keys are not physically tied to or a part of a person, but are merely associated with the person.
Recently, access to electronic services has been facilitated through identification and security techniques using biometric certificates, such as described in U.S. patent application No. 60/046,012, entitled "BIOMETRIC CERTIFICATES" by Clyde Musgrave et al., which is incorporated herein by reference. Such biometric certificates are useful to authenticate the identity of a person and to bind the biometric of the person to a transaction via a digital certificate. Such biometric certificates may be used as a spoof-proof method for recognizing individuals within an end-to-end secure electronic transaction.
As different electronic transactions may require different levels of security, a need exists for controlling the generating, distributing, revoking, and maintaining of biometric certificates through one or more biometric certifying authorities (BCAs). Such a BCA control system should provide insurability of issued biometric certificates for different electronic transactions.